Discover and read the best of Twitter Threads about #vb2022

Most recent (2)

#ESETresearch reveals new findings about POLONIUM, an APT group that has targeted more than a dozen organizations in Israel 🇮🇱 since at least September 2021, using at least seven different custom backdoors. welivesecurity.com/2022/10/11/pol… 1/6
Five of the seven described #POLONIUM backdoors were previously undocumented. At the time of writing our blog post, the latest one (PapaCreep) was still being used. It is also the first one not written in C# or PowerShell. 2/6
Interestingly, the commands of the FlipCreep backdoor do exactly the opposite of what’s expected. We don’t know if this was a mistake, but UPLOAD actually downloads files from the FTP server to the victim, and DOWNLOAD uploads files. 3/6
#ESETresearch has discovered #Lazarus attacks against targets in 🇳🇱 and 🇧🇪, spreading via spearphishing emails and exploiting the CVE-2021-21551 vulnerability to disable the monitoring of all security solutions on compromised machines @pkalnai welivesecurity.com/2022/09/30/ama…
The attack started with spearphishing emails connected to fake job offers, targeting an aerospace company in the Netherlands and a political journalist in Belgium. The attackers then deployed a VMProtect-ed version of #BLINDINGCAN, a fully featured HTTP(S) backdoor. 2/6
Notably, the attackers used a rootkit named FudModule.dll that modifies kernel variables and removes kernel callbacks to disable monitoring of all security solutions on the system. This is the first recorded abuse of the CVE-2021-21551 vulnerability in Dell DBUtil drivers. 3/6